Hi All,
2 days ago, I used skype on my laptop, which hadn't seen the net before then. I successfully spoke with my mother, and had no problems. Yesterday, I had what I believe was an unauthorized access to my laptop, so, I changed all passwds on my smoothwall box, and also put the local host onto a new subnet. Today, I experienced some weirdness with skype, where, I could hear/be heard, but, the ring tone for calling/receiving had stopped. I most certainly made no changes to skype's configuration. Today, whilst snooping around my laptop, for numerous things, I came upon some files in /tmp, which I don't recognize,
[root@localhost tmp]# ls keyring-XphDRC gconfd-racket mapping-racket ssh-qONcvE2869 gconfd-root orbit-racket xses-racket.bWVjc5 keyring-P5i6Xo orbit-root
below is just some content from "xses-racket.bWVjc5"
(nautilus:2955): Eel-WARNING **: Error starting command ''/tmp/keyring-XphDRC/socket'': Failed to execute child process "/tmp/keyring-XphDRC/socket" (Permission denied)
I ran a soundcard test today, could that be it?
This is all probably not related, but, I find it odd. What do you think? I googled for info on the filenames, but, found nothing. Cheers.
Mark Sargent.
On Sat, 28 Jan 2006, Mark Sargent wrote:
This is all probably not related, but, I find it odd. What do you think? I googled for info on the filenames, but, found nothing. Cheers.
Of course /tmp is a scratch pad. Here is what I would do 1) run rpm -Va | grep bin to see if any binaries have been changed 2) boot single user and wipe everything in /tmp 3) boot multi user and try various things, watching /tmp while you do so.
------------------------------------------------------------------------ Jim Wildman, CISSP, RHCE jim@rossberry.com http://www.rossberry.com "Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one." Thomas Paine
Jim Wildman wrote:
Of course /tmp is a scratch pad. Here is what I would do
- run rpm -Va | grep bin to see if any binaries have been changed
man, runs forever on my slow laptop. will post any abnormalities later
- boot single user and wipe everything in /tmp
doing it whilst logged in as normal, I got them again, upon a restart. As single user is different?
- boot multi user and try various things, watching /tmp while you do
so.
will try this.
Cheers.
Mark Sargent
Mark Sargent wrote:
Jim Wildman wrote:
Of course /tmp is a scratch pad. Here is what I would do
- run rpm -Va | grep bin to see if any binaries have been changed
man, runs forever on my slow laptop. will post any abnormalities later
[root@localhost ~]# rpm -Va | grep bin prelink: /usr/bin/vbox: at least one of file's dependencies has changed since prelinking S.?...... /usr/bin/vbox ........C /usr/bin/acroread
Below is the man page for vbox. Interesting that I'm experiencing problems, and this has been changed, apparently. Thoughts? Over-reaction, and nothing to stress about? Cheers.
Mark Sargent. http://gd.tuwien.ac.at/linuxcommand.org/man_pages/vbox1.html
On 1/29/06, Mark Sargent powderkeg@snow.email.ne.jp wrote:
Mark Sargent wrote:
Jim Wildman wrote:
Of course /tmp is a scratch pad. Here is what I would do
- run rpm -Va | grep bin to see if any binaries have been changed
Below is the man page for vbox. Interesting that I'm experiencing problems, and this has been changed, apparently. Thoughts? Over-reaction, and nothing to stress about? Cheers.
The files you listed don't appear to be anything to worry about in /tmp
Basically you're running X (xses-foo is an x session file) and using something which uses gconf (could be gnome or a gnome related application)and orbit. This is perfectly normal system activity. Actually, you don't seem to list as much as I'd expect to see. People that use screen will have entries in there for screen sessions, gaim drops files in there, etc.
It's nothing to worry about. If you're REALLY concerned, you can put /tmp on it's own partition and mount it noexec, although this can have some unexpected side-effects (with cron) that you'll want to be aware of.
-- Jim Perrin System Architect - UIT Ft Gordon & US Army Signal Center
On Sunday 29 January 2006 09:18 am, Jim Perrin wrote:
It's nothing to worry about. If you're REALLY concerned, you can put /tmp on it's own partition and mount it noexec, although this can have some unexpected side-effects (with cron) that you'll want to be aware of.
Jim, on our shared webhosting servers we always mount /tmp on it's own partition noexec. And we've never had problems with cron that I know of.
Can you give me an idea of what to look for?
Thanks.
Jeff
Jim, on our shared webhosting servers we always mount /tmp on it's own partition noexec. And we've never had problems with cron that I know of.
Can you give me an idea of what to look for?
There were issues with logrotate postrotate scripts running, and other such things. See the bug below for an example, or search bugzilla for yourself.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156594
-- Jim Perrin System Architect - UIT Ft Gordon & US Army Signal Center
On Sunday 29 January 2006 08:05 pm, Jim Perrin wrote:
There were issues with logrotate postrotate scripts running, and other such things. See the bug below for an example, or search bugzilla for yourself.
Thanks. I'm going to add the "fix" in comment 10.
Hopefully the fix will appear in the next major set of updates.
Jeff
Jeff Lasman wrote:
On Sunday 29 January 2006 09:18 am, Jim Perrin wrote:
It's nothing to worry about. If you're REALLY concerned, you can put /tmp on it's own partition and mount it noexec, although this can have some unexpected side-effects (with cron) that you'll want to be aware of.
Jim, on our shared webhosting servers we always mount /tmp on it's own partition noexec. And we've never had problems with cron that I know of.
and i am sure you know that the 'noexec' is easily circumvented in most situations....
and i am sure you know that the 'noexec' is easily circumvented in most situations....
Very true. We use it as "One more layer" for security. It's not a big step, but every little bit to make things more difficult for someone trying to get in...
-- Jim Perrin System Architect - UIT Ft Gordon & US Army Signal Center
On Monday 30 January 2006 01:54 am, Karanbir Singh wrote:
and i am sure you know that the 'noexec' is easily circumvented in most situations....
Sure... but most of the kiddie scripts I've seen depend on it.
Jeff
Jeff Lasman wrote:
On Monday 30 January 2006 01:54 am, Karanbir Singh wrote:
and i am sure you know that the 'noexec' is easily circumvented in most situations....
Sure... but most of the kiddie scripts I've seen depend on it.
Jeff
/usr/sbin/setenforce 1
And that should take care of most of the kiddies.
Mark Sargent wrote:
Hi All,
2 days ago, I used skype on my laptop, which hadn't seen the net before then. I successfully spoke with my mother, and had no problems. Yesterday, I had what I believe was an unauthorized access to my laptop, so, I changed all passwds on my smoothwall box, and also put the local host onto a new subnet. Today, I experienced some weirdness with skype, where, I could hear/be heard, but, the ring tone for calling/receiving
depending on what version of skype you are using - it might be worth while doing a 'downgrade', the latest greatest version of skype for linux does not work, they know it does not, and they dont care.
I've been using 0.8.something for a long time now, it works, i hear voice. and dont intend to upgrade.
Karanbir Singh wrote:
Mark Sargent wrote:
Hi All,
2 days ago, I used skype on my laptop, which hadn't seen the net before then. I successfully spoke with my mother, and had no problems. Yesterday, I had what I believe was an unauthorized access to my laptop, so, I changed all passwds on my smoothwall box, and also put the local host onto a new subnet. Today, I experienced some weirdness with skype, where, I could hear/be heard, but, the ring tone for calling/receiving
depending on what version of skype you are using - it might be worth while doing a 'downgrade', the latest greatest version of skype for linux does not work, they know it does not, and they dont care.
I've been using 0.8.something for a long time now, it works, i hear voice. and dont intend to upgrade.
I've also found Skype to be a bit dodgy under Linux. Sometimes it works, sometimes it doesn't. When I really need to use it, I boot up WinXP on my laptop and it works fine. As Karanbir noted, they don't seem to really care what happens on the Linux front so I wouldn't hold your breath waiting for any fixes if it turns out to be a version-specific issue. If it's just a matter of tweaking your firewall, consider yourself lucky.
Cheers,
-
Chris Mauritz -
Jeff Lasman -
Jim Perrin -
Jim Wildman -
Karanbir Singh -
Mark Sargent